Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Turn on mailbox auditing for all users

Copper Contributor

Hello:

 

I checked on SecureScore website the status for my company and one feature that I have suggested to apply is "Turn on mailbox auditing for all users" because only 6 of 2330 mailboxes that I manage has applied.

 

When I check current status of my company mailboxes appears like this:

 

AuditEnabled AuditDelegate AuditAdmin
----------------- ------------ ------------- ----------
MAILBOX NAME  "AuditEnabled" True "AuditDelegate" {Update, MoveToDeletedItems, SoftDelete, HardDelete...} "AuditAdmin" {Update, MoveToDeletedItems, SoftDelete, HardDelete...}

 

So I understand that currently is applied, why securescore web site it's still suggesting me and appearing as not applied? how can I update it to mark as "no pending action"?

 

Thanks for the help!

 

Ferran.

5 Replies
best response confirmed by Deleted
Solution

Auditing is enabled for all (user) mailboxes by default now, this is a change that's currently rolling out across the service. Secure Score still has the "old" recommendation to enable this via PowerShell scripts, I imagine once the rollout of the "auto-enable audit" feature completes, this will be updated in Secure Score as well.

Perfect, thanks for the info!

When it's supposed to be applied?

 

Best Regards,

Is there a way to check if we the mailbox auditing enablement is turned on while we wait for the rollout? 

@Ferranrg 

I'm having issues running the powershell script for this. 

https://github.com/OfficeDev/O365-InvestigationTooling/blob/master/EnableMailboxAuditing.ps1

 

SecureScore is reporting that none of my users mailboxes are audited, although reading this tread it suggests that it is being rolled out by default? Where/how do we check that / and update secure score.

Adding another to this. On one of my customer tenants it has mailbox auditing on by default as expected, I've checked all mailboxes and the global setting, all good. Yet the secure score isn't recognising it's enabled. 

1 best response

Accepted Solutions
best response confirmed by Deleted
Solution

Auditing is enabled for all (user) mailboxes by default now, this is a change that's currently rolling out across the service. Secure Score still has the "old" recommendation to enable this via PowerShell scripts, I imagine once the rollout of the "auto-enable audit" feature completes, this will be updated in Secure Score as well.

View solution in original post